80C286_1 Datasheet, PDF (23/60 Pages) Intersil Corporation – High Performance Microprocessor with Memory Management and Protection
80C286
Control Transfer
Privilege Level Changes
Four types of control transfer can occur when a selector is
loaded into CS by a control transfer operation (see Table 13).
Each transfer type can only occur if the operation which
loaded the selector references the correct descriptor type.
Any violation of these descriptor usage rules (e.g. JMP
through a call gate or RET to a Task State Segment) will
cause exception 13.
Any control transfer that changes CPL within the task causes
a change of stacks as part of the operation. Initial
values of SS:SP for privilege levels 0, 1, and 2 are kept in the
task state segment (refer to Task Switch Operation). During
a JMP or CALL control transfer, the new stack pointer is
loaded into the SS and SP registers and the previous stack
pointer is pushed onto the new stack.
The ability to reference a descriptor for control transfer is
also subject to rules of privilege. A CALL or JUMP instruction
may only reference a code segment descriptor with DPL
equal to the task CPL or a conforming segment with DPL of
equal or greater privilege than CPL. The RPL of the selector
used to reference the code descriptor must have as much
privilege as CPL.
RET and IRET instructions may only reference code segment
descriptors with descriptor privilege equal to or less
privileged than the task CPL. The selector loaded into CS is
the return address from the stack. After the return, the selector
RPL is the task's new CPL. If CPL changes, the old stack
pointer is popped after the return address.
When a JMP or CALL references a Task State Segment
descriptor, the descriptor DPL must be the same or less
privileged than the task's CPL. Reference to a valid Task State
Segment descriptor causes a task switch (see Task Switch
Operation). Reference to a Task State Segment descriptor at
a more privileged level than the task's CPL generates
exception 13.
When an instruction or interrupt references a gate descriptor,
the gate DPL must have the same or less privilege than the
task CPL. If DPL is at a more privileged level than CPL,
exception 13 occurs. If the destination selector contained in
the gate references a code segment descriptor, the code
segment descriptor DPL must be the same or more
privileged than the task CPL. If not, exception 13 is issued. After
the control transfer, the code segment descriptor's DPL is the
task's new CPL. If the destination selector in the gate
references a task state segment, a task switch is automatically
performed (see Task Switch Operation).
When returning to the original privilege level, its stack is
restored as part of the RET or IRET instruction operation.
For subroutine calls that pass parameters on the stack and
cross privilege levels, a fixed number of words, as specified
in the gate, are copied from the previous stack to the current
stack. The inter-segment RET instruction with a stack adjustment
value will correctly restore the previous stack pointer
upon return.
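The CALL/JMP, gate and RET rules above can be modelled as three small checks. This is an added example, not code from the datasheet: the function and type names are hypothetical, the gate destination is assumed to be a non-conforming code segment, and only the privilege checks stated on this page are modelled (descriptor type, present and limit checks are left out).

```c
#include <stdio.h>

/* Added model, not datasheet code. Levels are 0..3; 0 is the most privileged,
   so "more privileged" means numerically smaller. All names are hypothetical. */
enum { XFER_OK = 0, EXC_13 = 13 };

struct xfer { int status; unsigned new_cpl; int stack_switch; };

/* JMP or CALL directly to a code segment descriptor. */
struct xfer direct_transfer(unsigned cpl, unsigned rpl, unsigned dpl, int conforming)
{
    struct xfer r = { EXC_13, cpl, 0 };
    if (rpl > cpl) return r;          /* selector RPL needs as much privilege as CPL */
    if (conforming ? dpl <= cpl : dpl == cpl)
        r.status = XFER_OK;           /* CPL and stack stay as they were */
    return r;
}

/* CALL through a gate to a non-conforming code segment (assumed here). */
struct xfer gate_call(unsigned cpl, unsigned gate_dpl, unsigned dest_dpl)
{
    struct xfer r = { EXC_13, cpl, 0 };
    if (gate_dpl < cpl) return r;     /* gate is more privileged than the caller */
    if (dest_dpl > cpl) return r;     /* destination is less privileged than the caller */
    r.status = XFER_OK;
    r.new_cpl = dest_dpl;             /* destination DPL becomes the new CPL */
    r.stack_switch = (dest_dpl != cpl); /* new SS:SP comes from the TSS */
    return r;
}

/* Inter-segment RET or IRET that does not switch tasks. */
struct xfer far_return(unsigned cpl, unsigned ret_rpl, unsigned cs_dpl)
{
    struct xfer r = { EXC_13, cpl, 0 };
    if (cs_dpl < cpl || ret_rpl < cpl) return r; /* returns never gain privilege */
    r.status = XFER_OK;
    r.new_cpl = ret_rpl;              /* return selector RPL becomes the new CPL */
    r.stack_switch = (ret_rpl != cpl); /* old SS:SP popped after the return address */
    return r;
}

int main(void)
{
    struct xfer up = gate_call(3, 3, 0), down = far_return(0, 3, 3);
    printf("gate call 3->0: status=%d cpl=%u switch=%d\n", up.status, up.new_cpl, up.stack_switch);
    printf("far return 0->3: status=%d cpl=%u switch=%d\n", down.status, down.new_cpl, down.stack_switch);
    printf("gate with DPL 0 from CPL 3: status=%d\n", gate_call(3, 0, 0).status);
    return 0;
}
```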
Protection
The 80C286 includes mechanisms to protect critical instructions
that affect the CPU execution state (e.g. HLT) and code
or data segments from improper usage. These protection
mechanisms are grouped into three forms:
• Restricted usage of segments (e.g. no write allowed to
read-only data segments). The only segments available for
use are defined by descriptors in the Local Descriptor Table
(LDT) and Global Descriptor Table (GDT).
• Restricted access to segments via the rules of privilege and
descriptor usage.
• Privileged instructions or operations that may only be executed
at certain privilege levels as determined by the CPL
and I/O Privilege Level (IOPL). The IOPL is defined by bits
14 and 13 of the flag word.
These checks are performed for all instructions and can be
split into three categories: segment load checks (Table 14),
operand reference checks (Table 15), and privileged instruction
checks (Table 16). Any violation of the rules shown will
result in an exception. A not-present exception related to the
stack segment causes exception 12.
The privilege rules on control transfer require:
• JMP or CALL direct to a code segment (code segment
descriptor) can only be a conforming segment with DPL of
equal or greater privilege than CPL or a non-conforming
segment at the same privilege level.
• Interrupts within the task, or calls that may change privilege
levels, can only transfer control through a gate at the same
or a less privileged level than CPL to a code segment at the
same or more privileged level than CPL.
• Return instructions that don't switch tasks can only return
control to a code segment at the same or less privileged
level.
• Task switch can be performed by a call, jump or interrupt
which references either a task gate or task state segment at
the same or less privileged level.

TABLE 14. SEGMENT REGISTER LOAD CHECKS

ERROR DESCRIPTION                                    EXCEPTION NUMBER
Descriptor table limit exceeded                      13
Segment descriptor not-present                       11 or 12
Privilege rules violated                             13
Invalid descriptor/segment type segment register     13
load:
- Read only data segment load to SS
- Special control descriptor load to DS, ES, SS
- Execute only Segment load to DS, ES, SS
- Data segment load to CS
- Read/Execute code segment load SS